🔐 Bitwarden Vault Manager
Open-source, client-side encrypted Bitwarden vault management dashboard. All cryptographic operations — PBKDF2/Argon2id key derivation, HKDF-Expand (RFC 5869), AES-256-CBC encrypt/decrypt with HMAC-SHA256 verification — execute entirely in your browser. Zero plaintext data ever reaches any server.
Live Demo | GitHub Source Code (MIT License)
🔍 Smart Deduplication Engine
766-line Fusion Strategy engine that detects exact duplicates (URI + username + password triple match) and same-site duplicates (shared registered domain with eTLD+1 normalization across 30+ country-code TLDs). Deep identity comparison covers ALL fields: name, TOTP, notes, URIs, custom fields, passkeys (Fido2Credentials), favorite status, and re-prompt settings.
- Path A (Pure Delete): 100% byte-identical items → keep one, soft-delete the rest (30-day recovery)
- Path B (Create-Then-Delete): Items with differences → smart merge (Chinese title priority, URI simplification, field union, password history collection) → create new entry → delete originals only after server confirmation
- Passkey-Aware Merge: Preserves per-cipher encryption Key + Fido2Credentials through full Create-Then-Delete cycle, as Bitwarden's API rejects PUT updates on passkey-holding ciphers
🏥 Vault Health Analysis
Scores your vault 0–100 with 8 risk categories: weak passwords (length < 8, digits-only, letters-only), empty passwords (excluding passkey items), password reuse across sites, stale passwords (>1 year), insecure HTTP URIs, missing URLs, missing titles, and decrypt failures. Scoring formula: score = 100 - (high×3 + medium×1.5 + low×0.5) / totalLogins × 25.
🔗 URL Dead Link Detection
Full-vault scan using dual-strategy probing (fetch no-cors + img favicon). Built-in whitelist of ~200 major domains (Google, Apple, Microsoft, Amazon, Meta, Netflix, GitHub, etc.) with parent-domain matching to reduce false positives. Real-time progress bar with domain counter. Batch operations on detected dead links.
⚡ Optimistic Hot Update
All operations update the UI instantly. Server operations execute asynchronously in the background. Failed operations trigger a toast notification and an automatic vault resync. Permanent deletes use pessimistic mode (UI updates only after server confirmation).
📝 Full Item Management
Five item types with dedicated sidebar sections: Login 🔐 (with TOTP, passkeys, custom fields), Payment Card 💳, Identity 🪪, Secure Note 📝, SSH Key 🔑. Full folder management (create, rename, delete, batch move). Advanced search with keyboard shortcut (press / to focus). Favorites, corrupted items, trash with restore/permanent-delete.
🔒 Security
- Master password NEVER leaves the browser
- Supports PBKDF2-SHA256 and Argon2id key derivation
- HKDF-Expand is implemented manually (Web Crypto's built-in HKDF always runs Extract followed by Expand, which is wrong for Bitwarden's protocol)
- Session data in sessionStorage only — cleared when tab closes
- No server-side storage, no database, no analytics, no tracking
- Encrypted credential file uses AES-256-GCM
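
As an added example (not the project's own code), here is Expand-only HKDF per RFC 5869 built on Web Crypto's HMAC, next to the built-in HKDF for contrast. The function names and the `enc`/`mac` info labels are assumptions; the labels follow Bitwarden's published client code rather than anything stated on this page.

```javascript
// Added example: HKDF-Expand only (RFC 5869 section 2.3) on top of Web Crypto HMAC.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  const { webcrypto } = await import('node:crypto'); // fallback when run under older Node
  return webcrypto.subtle;
}

const HASH_LEN = 32; // SHA-256 output size in bytes

// T(0) = empty, T(i) = HMAC(PRK, T(i-1) || info || i); OKM = first `length` bytes of T(1) || T(2) || ...
async function hkdfExpand(prk, info, length) {
  if (prk.length < HASH_LEN) throw new RangeError('PRK must be at least HashLen bytes');
  if (length <= 0 || length > 255 * HASH_LEN) throw new RangeError('invalid output length');
  const subtle = await getSubtle();
  const key = await subtle.importKey('raw', prk, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
  const okm = new Uint8Array(length);
  let prev = new Uint8Array(0);
  for (let i = 1, off = 0; off < length; i++) {
    const input = new Uint8Array(prev.length + info.length + 1);
    input.set(prev, 0);
    input.set(info, prev.length);
    input[input.length - 1] = i; // single-octet block counter
    prev = new Uint8Array(await subtle.sign('HMAC', key, input));
    okm.set(prev.subarray(0, Math.min(HASH_LEN, length - off)), off);
    off += HASH_LEN;
  }
  return okm;
}

// What the built-in does instead: Extract (PRK = HMAC(salt, key)) and then Expand.
async function webCryptoHkdf(ikm, info, length) {
  const subtle = await getSubtle();
  const key = await subtle.importKey('raw', ikm, 'HKDF', false, ['deriveBits']);
  const params = { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(HASH_LEN), info };
  return new Uint8Array(await subtle.deriveBits(params, key, length * 8));
}

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Split a 32-byte master key into separate encryption and MAC keys.
// Assumption: 'enc' and 'mac' labels, 32 bytes each (not stated on this page).
async function stretchKey(masterKey) {
  const enc = new TextEncoder();
  return {
    encKey: await hkdfExpand(masterKey, enc.encode('enc'), 32),
    macKey: await hkdfExpand(masterKey, enc.encode('mac'), 32),
  };
}
```

Feeding the same key and info to both functions yields different bytes, so a vault encrypted with Expand-only keys fails HMAC verification if the built-in HKDF is used in its place.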
🌍 Internationalization
Full Chinese (中文) and English support with 375+ translation keys. Browser language auto-detection with manual toggle. Covers all UI surfaces: login, dashboard, duplicates, health, search, batch actions, detail drawer, edit form, trash, merge progress, credential file, and toast notifications.
🚀 Technology
Pure HTML + CSS + JavaScript (zero framework dependencies). Built with Vite. Deployed on Vercel, with a Rewrites proxy to the official Bitwarden API (US + EU regions). MIT licensed. View source code on GitHub.